HIGH PERFORMANCE ELLIPTIC CURVE CRYPTO-PROCESSOR FOR FPGA PLATFORMS

Size: px

Start display at page:

Download "HIGH PERFORMANCE ELLIPTIC CURVE CRYPTO-PROCESSOR FOR FPGA PLATFORMS"

Gwendolyn Floyd
5 years ago
Views:

1 HIGH PERFORMANCE ELLIPTIC CURVE CRYPTO-PROCESSOR FOR FPGA PLATFORMS Debdeep Mukhopadhyay Dept. of Computer Science and Engg. IIT Kharagpur 3/6/2010 NTT Labs, Japan 1

2 Outline Elliptic Curve Cryptography Finite Field Arithmetic The Elliptic Curve Crypto Processor Performance Comparisons Conclusion 2

3 Two Important Paradigms Faster Smaller Higher Clocks Parallelism Large Bandwidth Low Power Smaller Area Both Applications require security 3

4 Security on Miniature Devices Current Security Algorithms (RSA) Key size of 2048 bits too large Too Computationally Intensive (too much power and too slow) Solution : Elliptic Curve Cryptography 4

5 Why ECC Smaller key and yet large security Small size of implementation and less power consumption BUT IS IT FAST ENOUGH?? SOLUTION : HARDWARE ACCELERATORS 5

6 Objective of the Work To build hardware accelerators for ECC on FPGA platforms for high performance applications. 6

7 FPGA Logic Block LUT Four Input, One Output. Can contain 16x1 SRAM. Can implement any four input truth table. 7

8 LUT Utilization requires 1 LUT also requires 1 LUT Results in an under utilized LUT Design goal is to reduce the number of under utilized LUTs 8

9 Elliptic Curves An Elliptic Curve is the set of points which satisfy the equation Inserting different values of constants would give different elliptic curves. Points on the elliptic curve along with a special point called the point at infinity form a Group under addition. 9

10 Point Addition (P+Q) -(P+Q) (P+Q) 10

11 Point Doubling -2P 2P 11

12 Scalar Multiplication Given a point P=(x,y) determine kp = P + P + P +. (k times) Double and Add algorithm 12

13 Elliptic Curves in Cryptography Given k and P it is easy to find kp Given kp and P it is hard to find k. Therefore, k is the Private Key, and kp is the Public Key. 13

14 Elliptic Curves in Cryptography Each x and y coordinate on the elliptic curve is taken from a finite field. Two finite fields are considered Prime Field (GF(p)) Binary Finite Field (GF(2 m )) 14

15 ECC Construction Elliptic Curve Cryptography Scalar Multiplication Group Operations (Point Addition, Point Doubling, Point Halving) Finite Field Arithmetic (Addition, Multiplication, Inversion) 15

16 Binary Finite Fields Addition Is done by a simple XOR operation. Subtraction Same as addition. Multiplication Multiplication is done using polynomial multiplication, followed by a modular operation with the irreducible polynomial. 16

17 Squaring 17

18 Finite Field Multiplication We choose the Karatsuba multiplier as it is the fastest. For Elliptic Curves there are three types of combinational Karatsuba multipliers. Simple Karatusba Multiplier. Binary Karatsuba Multiplier. General Karatsuba Multiplier. 18

19 Simple Karatsuba Multiplier 19

20 Recursive Simple Karatsuba Multiplier 20

21 General Karatsuba Multiplier Instead of splitting into two, splits into more than two. For example, an m bit multiplier is split into m different multiplications. 21

22 Comparing the General and Simple Hybrid Karatsuba Multiplier For all recursions less than 29 use the General Karatsuba Multiplier. For all recursions greater than 29 use the Simple Karatsuba multiplier 22

23 Example 233 bit Hybrid Karatsuba Multiplier 23

24 Multiplicative Inverse Given an element a, find a -1 in the field such that a.a -1 = 1. Techniques Extended Euclid s Algorithm Fermat s Little Theorem Fermat s Little Theorem is more efficient on hardware than the Euclidean technique. Fermat s Little Theorem a -1 = a n-2 mod n For example 3*3 (5-2) mod 5 = 3*2 mod 5 = 1 24

25 Itoh-Tsujii method for Binary Finite Fields We need to find a -1 = a 2m -2 for m=233 We first define an addition chain for m 1 (1,2,3,6,7,14,28,29, 58,116, 232) Then, define β k = a 2k -1 then a -1 = (a ) 2 = (β 232 ) 2 Also define the recursion β k+j = (β k ) 2j β j 25

26 Computing the inverse of a In all we need 232 squarings and 10 multiplications. 26

27 Using Quads instead of Squarers On an FPGA, Quads have better LUT utilization compared to squarers. Delay of a quad and a squarer is the same Therefore we propose a Quad Itoh-Tsujii algorithm which uses quad circuits instead of squarers.. 27

28 Quad Itoh Tsujii Algorithm We now require 115 quads (instead of 232) and 10 multiplications. We save 7 clock cycles. 28

29 Performance of Quad-Itoh Tsujii on Virtex 4 and 5 Platforms Quad ITA Virtex 4 Virtex 5 Squarer ITA 29

30 Comparisions for NIST Binary Curves having irreducible Trinomials 30

31 Comparision for Inversion in GF(2 193 ) on XCV3200efg1156 Platform The Quad-ITA offers the best performance than sequential or parallel ITA. We have tested on this on various fields and on modern FPGAs. 31

32 Multiplication vs Inversion Finite field inversion is several times more expensive than multiplication. Therefore we need to reduce the inversions present. One solution is to use a 3 coordinate system (Projective Coordinates) Each 2 coordinate point (x,y) called Affine Point, is mapped to a unique point in the projective plane with coordinates (X,Y,Z) 32

33 Projective Coordinates Point Addition Point Doubling Conversion between Projective and Affine 33

34 The Elliptic Curve Crypto Processor 34

35 QuadBlock 35

36 The FSM 36

37 Parallel Point Arithmetic Point Addition Point Doubling 37

38 Control Words 38

39 Performance Results 39

40 Comparisons Saqib 2004, does not do the final conversion from projective to affine coordinates Chelton 2008, has better latency than our implementation, but we have a better area time product. Area time product : Chelton is 894 while our area time product is

41 Conclusion The paper presents an implementation of an Elliptic Curve Crypto Processor. High speed obtained by implementations of Hybrid Karatsuba multiplier Quad Itoh Tsujii inversion algorithm. The Hybrid Karatsuba multiplier can be used to minimize LUT requirements and increase operating frequency. The Quad Itoh Tsujii algorithm can be used to reduce computation time. 41

42 References Chester Rebeiro, Debdeep Mukhopadhyay: High Speed Compact Elliptic Curve Cryptoprocessor for FPGA Platforms. INDOCRYPT 2008: Chester Rebeiro, Sujoy Sinha Roy, Sankara Reddy and Debdeep Mukhopadhyay, "Revisiting the Itoh-Tsujii Inversion Algorithm for FPGA Platforms", To Appear in IEEE Transactions on VLSI Systems. 42

43 Thank You 43

Outline. Fast Inversion Architectures over GF(2 233 ) using pre-com puted Exponentiation Matrices. SCD Nov , 2011.

Outline. Fast Inversion Architectures over GF(2 233 ) using pre-com puted Exponentiation Matrices. SCD Nov , 2011. Outline Introduction Inversion over Binary fields GF(2^m) Multiplication over GF(2^m)/F(x) fields Fast architectures based on pre-computed matrices Results and conclusions SCD2011 - Nov. 17-18, 2011. Murcia